SpireTech Blog - Tag: WordPress
Wordpress security, news, and updates for SpireTech hosting customers.
In response to customer demand for increased site security, SpireTech is now offering Managed WordPress Hosting. The package includes monthly security updates to your WordPress site, and several other features:
- Monthly security updates to the WordPress framework, and the plugins and themes contained within
- Backups of the WordPress website and all data contained within once every 24 hours
- One hour per month of technical support, which includes:
- Minor content updates of textual content
- Upload and inclusion of customer-provided images
- Installation of plugins and any minor required configuration
- Installation of code snippets (such as Google Analytics)
- Modification of certain PHP configuration, such as version, memory limit, and other configuration variables
- DNS record edits, if DNS is hosted at SpireTech
Over the last two months, we have seen several customers have their WordPress websites hacked. Hackers installed a plugin or other backdoors and used the sites to send thousands of spam messages – or worse. All sites were successfully recovered from backup and repaired by our Service desk, which is a billable event.
Our investigation revealed that the hacks were due to sites not being kept up to date with security updates, or poor password management practices. Read the rest of this month’s articles to discover ways to secure your WordPress website, and Managed WordPress hosting. Read more...
In response to frequent WordPress hacks, we thought it might be helpful to write about some of the best practices we’ve used to secure WordPress websites.
- Use unique, strong passwords for your login. One of the techniques hackers use is a stolen password – a password you’ve used elsewhere – to login to your site. Another technique is to crack a weak password using a bot, repeatedly trying weak password combinations.
- Use Multifactor Authentication at your Wordpress login. Plugins such as “Google Authenticator” will implement this.
- Update your installation at least monthly. This includes updating WordPress itself, all plugins, and any themes you’ve installed.
- Change your login page. Bots will try the default login URL to find your login page. Simply changing this URL to something unique will give them nothing to probe. Plugins such as “WPS Hide Login” (https://wordpress.org/plugins/wps-hide-login/) can help make this change easily.
- Install a security plugin. Multiple plugins exist for free that will ban IP addresses that repeatedly try to access your login page, or change the default URL for you. Caution
Ensuring that your website is protected against hackers is no longer a difficult task. With the fast growth of WordPress sites, protecting yourself from outside intrusion is very important, and is as simple as clicking the update button. WordPress is frequently updated with new feature sets and security patches that protect websites from hackers.
The newest WordPress release, version 3.5.1, fixed several security vulnerabilities that affected all previous versions of WordPress. This vulnerability allowed hackers to remotely scan WordPress sites to search for information that would allow them to deface your website, and upload spam advertisements onto your page. Many sites that are still running older versions of WordPress are at risk of falling prey to these types of attacks simply because their site has not been updated.
We advise all WordPress users to update their site as soon as possible to ensure your website remains in your control.
However, hackers are not simply limited to software vulnerabilities, they can sometimes exploit simple passwords to gain access to your website. Read more...